RE: [rhelv5-list] ramdisk vs tmpfs in terms of security

Zavodsky, Daniel (GE Money)

2008-03-12

Well, you can set up encrypted swap quite easily; I am using swap encrypted with a randomly generated key at each startup with AES-128 via loop-aes, and it is quite fast even on my older hardware (Intel Pentium M 1.7 GHz). When your swap is encrypted, you do not have to worry about using tmpfs.
 
Regards,
    Daniel Zavodsky


From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 12:43 PM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security

As nice as tmpfs is, the risk is not worth it, unfortunately. I can’t have any decrypted data written to physical disk.

 

Regards

 


From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Zavodsky, Daniel (GE Money)
Sent: 12 March 2008 10:55
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security

 

I meant that even a full tmpfs may be swapped out if you are not accessing the files and other programs need the memory. However, if you create some files there, do operations on them and then immediately delete them, a swap out should not occur at the time you are using the tmpfs.

 

Best regards,

    Daniel

 


 


From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 11:35 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security

That is a good point. However, if there are no files on the tmpfs partition at the time of swap out, then this should not be a problem, I believe.

 

Regards

 


From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Zavodsky, Daniel (GE Money)
Sent: 12 March 2008 10:08
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] ramdisk vs tmpfs in terms of security

 

Hello,

    Be careful, tmpfs *may* be swapped out at a later time if you are not using it actively and other programs need the memory.

    Thus, always use encrypted swap if you want to be on the safe side.

 

Best regards,

    Daniel

 

 


From: rhelv5-list-bounces@redhat.com [mailto:rhelv5-list-bounces@redhat.com] On Behalf Of Gerrard Geldenhuis
Sent: Wednesday, March 12, 2008 10:58 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: [rhelv5-list] ramdisk vs tmpfs in terms of security

Hi

Can anyone comment on the security concerns of tmpfs vs ramdisk if used as scratch space to decrypt/encrypt data?

 

According to my understanding, tmpfs should be just as safe as ramdisk as long as you limit the size to be smaller than the actual memory available. My only concern is what would happen if your memory is full and you then mount a new tmpfs. Will it be written to disk in swap space? That at least is what I understand would happen, which would not be great. But if you assign the tmpfs at boot time, then there should not be any problem unless you grow beyond the initial size.

 

Regards

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list
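
As an added example (not part of the original thread): a shell check for the condition discussed above, a tmpfs mounted while swap that is not known to be encrypted is active. The function names, the sample data and the caller-supplied list of encrypted swap devices are assumptions of this example.

```shell
#!/bin/sh
# Added example: can tmpfs scratch data be paged out to swap that is not encrypted?
# Inputs use the /proc/swaps and /proc/mounts formats.

# Active swap devices: column 1 of /proc/swaps, header line skipped.
active_swaps() {
    awk 'NR > 1 && NF >= 5 { print $1 }' "$1"
}

# tmpfs mount points: column 2 of /proc/mounts where the type (column 3) is tmpfs.
tmpfs_mounts() {
    awk '$3 == "tmpfs" { print $2 }' "$1"
}

# tmpfs_swap_risk SWAPS_FILE MOUNTS_FILE [ENCRYPTED_SWAP_DEV...]
# Prints each active swap device the caller has not declared encrypted and
# returns 1 if any exist while a tmpfs is mounted; returns 0 otherwise.
tmpfs_swap_risk() {
    swaps_file=$1
    mounts_file=$2
    shift 2
    [ -n "$(tmpfs_mounts "$mounts_file")" ] || return 0
    exposed=0
    for dev in $(active_swaps "$swaps_file"); do
        known=0
        for enc in "$@"; do
            if [ "$dev" = "$enc" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then
            echo "$dev"
            exposed=1
        fi
    done
    return "$exposed"
}

# Constructed sample data (not from a real host). Assumption: /dev/loop7 is
# the encrypted swap device, as it would be with a loop-AES setup.
sample_dir=$(mktemp -d)
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/sda2 partition 2048276 0 -1' \
    '/dev/loop7 partition 1048568 0 -2' > "$sample_dir/swaps"
printf '%s\n' '/dev/sda1 / ext3 rw 0 0' 'tmpfs /dev/shm tmpfs rw 0 0' \
    'tmpfs /mnt/scratch tmpfs rw,size=256m 0 0' > "$sample_dir/mounts"

if ! tmpfs_swap_risk "$sample_dir/swaps" "$sample_dir/mounts" /dev/loop7; then
    echo "tmpfs pages can reach the swap device(s) listed above" >&2
fi
```

On a live host, pass `/proc/swaps` and `/proc/mounts` as the two files, followed by the swap devices you have verified to be encrypted.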